[jira] [Commented] (SENTRY-2264) It is possible to elevate privileges from DROP using alter table rename

Mon, 11 Jun 2018 18:14:19 -0700 


    [ 
https://issues.apache.org/jira/browse/SENTRY-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16509029#comment-16509029
 ] 

Hadoop QA commented on SENTRY-2264:
-----------------------------------

Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12927391/SENTRY-2264.001.patch 
against master.

{color:red}Overall:{color} -1 due to 7 errors

{color:red}ERROR:{color} mvn test exited 1
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestOperationsPart2
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.hive.TestOperationsPart1
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbOperationsPart2
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbOperationsPart2
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbOperationsPart1
{color:red}ERROR:{color} Failed: 
org.apache.sentry.tests.e2e.dbprovider.TestDbOperationsPart1

Console output: 
https://builds.apache.org/job/PreCommit-SENTRY-Build/3874/console

This message is automatically generated.

> It is possible to elevate privileges from DROP using alter table rename
> -----------------------------------------------------------------------
>
>                 Key: SENTRY-2264
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2264
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>    Affects Versions: 2.1.0
>            Reporter: Na Li
>            Assignee: Na Li
>            Priority: Major
>         Attachments: SENTRY-2264.001.patch
>
>
> After introducing FGP, a user with only DROP on a database db1 and at least 
> CREATE on db2 can run ALTER TABLE RENAME db1.table1 db2.table2, and thus 
> elevate their privileges.
> To reproduce:
> As admin (e.g. hive):
> 1. Create db1, db1.table1, db2, role r1.
> 2. Grant DROP on db1 to role r1.
> 3. Grant ALL on db2 to role r1
> 4. Grant role r1 to user testuser1.
> As testuser1:
> 1. use db1; alter table db1.table1 rename to db2.table1
> 2. select * from db2. table1
> Result: the select command succeeds.
> Desired behavior:
> we should at least require following privileges to execute the table rename 
> command:
> table level "SELECT" and database level "DELECT" at source
> database level "CREATE, INSERT, ALTER" at destination.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to